The future of cryptography
12 May 2003
Quantum cryptography, steganography and theory of covert channels
are three most important directions of development in a modern cryptography.
Author: Tomasz Grabowski
Translation: Aleksandra Malak
the beginning of existence, cryptography was an army domain, and information’s about expansion in this particular sphere
were strictly controlled. That’s why a modern cryptography, which is a science connected with theoretical mathematics
and physics, is quite young. First comprehensive science work about methods of coding is The Index of Coincidence and Its
Applications in Cryptography by William F. Friedman, which was published in 1918. This book is still considered as one of
the most important cryptanalysis works of XX century.
Clear increase of interest in cryptography as a science
domain was seen in years 30’s and 40’s of the last century. One of the most important publication from that time
is The Communication Theory of Secrecy Systems by Claude Shannon. With a great dose of probability, this book was uncovered
by mistake, because it has been written during the second World War and was a description of the experiments leaded by the
author at that time.
The real turning point in a domain of publicly available literature considering cryptography
was, nowadays legendary, famous book by David Kahn, The Codebreakers, published in 1967. It helped thousands of people to
get acquainted with basic theories and practical aspects of cryptography. The curious thing is a fact, that at that time some
chapters of that book were secret, also in Poland.
Today, literature about cryptography – even the very advanced
one – is available practically for everyone. We can get an impression, that so much has been written about cryptography
in books and specialized articles, that there is nothing secret in it any more. But this is only an impression. Although it
is apparently available, the expansion of that domain is still under an envelope of secrets, and sometimes, even independent
works are hindered.
However works over cryptography – both the covert and the public one’s –
are still in progress. As their effect, techniques, algorithms and conceptions appears, that most certainty are lying under
fundaments of “future coding”. From many directions of nowadays studies over cryptography, three deserve
a special care: quantum cryptography, steganography and so called covert channels.
Detection of a bug in a phone or a radio net is practically impossible. Of course, we can
argue, that with a sufficiently sensitive measurements of voltage in telephone net or a local changes of power intensity in
radio waves, the bug can be identified. However, assuming that the bug is leaded “professionally” it is unaccomplishable
The world of elementary particles bases on a different rules. Quantum cryptography uses a fact –
in accordance to rules of quantum mechanics – that we can’t measure any value of elementary particle (for example
photon) without having some kind of influence on its state. The measurements of photon speed can influence on its real speed,
change of position or an angle of polarization.
For information security, it means that any trial of eavesdrop
or interception of the transmission realized with help of elementary particles would be instantly detected. The domain in
which quantum cryptography evokes the greatest hopes, is safe exchange of coding keys between sites which participate in communication.
What looks good in theory doesn’t have to succeed in practice. The best, because simplest, way of transmitting
zeros and ones with usage of photons, is giving them different angle of polarization. However, here is the problem: already
existing devices emits beams with a solid polarization. The possibility for fast change of light polarization is, at least
for now, one of the major barrier in expansion of quantum cryptography.
Another source of trouble is imperfection
of centers, in which light is sent. Even in best optical waveguide, a certain number of photons decay. In experiments leaded
presently, coding information’s bases, conventionally speaking, on few photons that have the same features. Even if
some of them decay on a way, the ones that reach the target would carry the proper information. This method, though seems
reasonable, puts under the question mark meaning of quantum coding. If one photon can decay or change features, doesn’t
it give a sufficient wicket for a bug? Also we must consider external interferences. Of course there are methods to eliminate
them but still, can’t they be used as a tool to hide the fact that the bug was planted?
Trials of quantum
coding are leaded for a few years. Experiments in range of aerial transmission shown, that it is possible to transmit data
with usage of quantum coding on distance approximately 10 km. The higher, the lesser air density. So it is possible,
that in some conditions, this method can be used to communication between ground-stations and satellites on higher orbits.
But that’s another theory, and even if it was true, it’s still not enough – both from operator and Internet
user point of view.
Those implementation problems are only a top of an iceberg for problems that stands in a front
of the quantum cryptography. We can assume, that it won’t leave walls of laboratory for a long time, and become
most of all, a domain for intellectual practice.
The major defect of all presently used methods for coding transmissions is, that the person which eavesdrops is able
to detect the fact that data are sent. Even if the spy who works abroad, encipher information’s and then sent them to
his homeland, the mere fact that those information’s were activated will stir up suspicions. Besides, even if the eavesdropper
doesn’t know what is covert in those enciphered packets, he might want to register them in original order, and on this
basis attempt to guess the key.
One of cryptography domains – steganography - is
dealing with covering transmissions. Its usage bases on covering confident information’s inside overt data, for example
on coding text messages as a sequence of pixels in JPG picture. Steganography needs direct communication between sender and
receiver. This defect doesn’t occur in technique which consist in compiling so called covert channels. Covert communication
channel basis on communication with help of state or packing objects, which doesn’t serve to sending data. Here is the
Imagine a computer system, in which users can’t communicate with each other. Covert channel forms
in case, when sites can identically interpret specific sequences of events. It can be for example, an information about a
number of free space on a hard disk, sharing memory, processor, device, interruption (IRQ), and so on. Basing on code that
was settled earlier, both sites can send information’s to each other.
For example process A, that receives
the message, can demand interruption every 100 ms. Process B also can demand this interruption, however every demand made
by process B, will cause time elongation of service for demands made by process A. Measuring time, that passed from the moment
the demand was sent, till the time it was received from the operation system, process A is able to determine if the process
B demanded interruption in the same time or not, and each state from this two, treat as a 1 or a 0. The examples can be multiplied.
Specific technical description of many similar techniques of sending data can be found in published in USA, by National Security
Agency document: NCSC-TG-030: A Guide to Understanding Covert Channel Analysis of Trusted Systems.
Experiment in Szczecin
Encipher based on covert channels is not only a theory. To prove
that, in Academic Centre of Computer Science at Technical University of Szczecin we created a software for compiling covert
channel between web browser and WWW server.
The content of secret message is transferred as followed: the web
browser (receiver of the message) sends to server (sender) a demand for downloading dynamically generated WWW site. Server
shows every data that are connected with this web site, in a shape of many different files: text, graphic and so on. Coding
of covert message bases on a sequence, kind and number of sent files.
Movement analysis or even the content of
information won’t do anything. The one who doesn’t know the method of coding is not able to decipher covert
information. He doesn’t even know if there is any communication. Considering the method of coding, individual
transmission enables sending dozens of ASCII signs. And that is enough to send for example user name and the password.